International Association
for Cryptologic Research

Tian et al. proposed a novel ultralightweight

RFID mutual authentication protocol [4] that has recently

been analyzed in [1], [2], [5]. In this letter, we first propose

a desynchronization attack that succeeds with probability

almost 1, which improves upon the 0.25 given by the attack

in [1]. We also show that the bad properties of the proposed

permutation function can be exploited to disclose several

bits of the tag\'s secret (rather than just one bit as in [2]),

which increases the power of a traceability attack. Finally,

we show how to extend the above attack to run a full

disclosure attack, which requires to eavesdrop less protocol

runs than the attack described in [5] (i.e., 192